ABSTRACT
One of the most common problems associated with network security is access control. Access control is the key to all aspects of security, and it is a point that should be well considered by any security team. A common misconception about access control is that is begins and ends with locked doors, and this is sadly mistaken. Access control limits access to specific area of buildings, which house network servers, offices, terminals, and a host of other devices and data that must be protected. PKI would be useful to the Security Professional, as it creates a Web of Trust between all users on the network, and when that trust is violated, only then does the security team have to jump into action. This technique is being used within the medical field and in many research and development departments across the United States, but is not currently in place in the typical office environment. This method would enhance the overall security of a given office network, provide the security teams with an easier network to maintain, and speed up the flow of data within the office environment.
- Kiran, S., Lareau, P., and Lyod S. 2002. PKI Basics: A Technical Perspective. PKI Note. http://www.pkiforum.org.Google Scholar
- Introduction to Public Key Infrastructure (PKI). http://www.articsoft.comGoogle Scholar
- Raina, K. (2003). PKI security solutions for the enterprise: Solving HIPAA, E-Paper Act, and other compliance issues. Danvers, MA 01923: Wiley Publishing. Google ScholarDigital Library
- Røstad, L. (2008). Access Control in Healthcare Information Systems: Thesis for the degree of Philosophiae Doctor (PhD). Trondheim, Norway: Norwegian University of Science and Technology.Google Scholar
- Whitten A. and J. D. Tygar, Why Johnny Can't Encrypt A Usability Evaluation of PGP 5.0, Proceedings of the 8th USENIX Security Symposium (Washington, D. C., Aug. 23--36, 1999), 169--184. Google ScholarDigital Library
Index Terms
- PKI and access control in office environments
Recommendations
Cryptography based access control in healthcare web systems
InfoSecCD '10: 2010 Information Security Curriculum Development ConferenceAccess control is the capacity of a particular subject (user, process) to permit or deny the use of a specific object (data, file). Access control mechanisms can be used in managing physical resources and logical resources. Cryptography access control ...
Access Control and Information Flow Control for Web Services Security
With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less ...
Access control in IoT environments: Feasible scenarios
AbstractThe Internet of Things (IoT) is the extension of the internet to the physical world where all objects collect information and interact with their environments with no or little human intervention. They collect and transfer sensitive and private ...
Comments